In the age of collaborative commerce, where businesses increasingly open up areas of their internal systems to partners, it is easy to forget that even the closest business allies can represent a threat. "A chip manufacturer we are working with had one of its chip designs stolen by a business partner," says Chris Klaus, chief technology officer of Internet Security Systems (ISS).
The semiconductor company only discovered the breach when manufacturing units in South East Asia started churning out chips featuring the new design. By then, it was too late. "They know that one of their partners must have stolen the design and forwarded it to one of these fabrication plants in Asia," says Klaus.
He attributes the theft to the fact that the chip maker's only security was the firewall software it had installed to partition its extranet from the rest of its network. Yet firewall software is notoriously badly maintained, often full of exceptions that any half-competent hacker can exploit.
The company's problem was compounded by the fact that beyond the firewall, there was nothing to alert the company to intruders.
What is remarkable is that this company's experience is hardly unique. According to NetIQ security consultant Majed Sabir, organisations keep making the same fundamental mistakes, time after time.
Most commonly these include securing low-risk areas first, simply because these are easier to secure; failing to install host-based intrusion detection, which can automate the work involved in examining system event logs for signs of nefarious activity; and, at the same time, doing too little to reduce the number of false alarms from intrusion detection systems, which means that IT staff often either dismiss them as ‘false positives’ or even switch the monitoring systems off.
There are a number of simple and inexpensive measures that the average organisation can take to minimise its risks. Aled Miles, vice president and managing director for Northern Europe at Symantec, lists five that, he says, can cut security risks by 80%.
First, they should ensure that their anti-virus software is up to date. Second, they need to ensure that open network ports are closed. Third, they should establish and regularly review a manageable set of firewall rules. Fourth is password management. Finally, it is essential that organisations implement security patches issued by their suppliers of packaged software.
Many of these issues are dealt with by the international standard on computer security management, called ISO17799 (see Security blanket). Although interest in ISO17799 is increasing, says Klaus, knowledge of it is by no means widespread.
Yet security software, more than most applications, needs regular, proactive management if organisations are to keep up with constantly evolving threats.
Without that, even the best security software will be able to do nothing against the rising tide of port scans, probes, Trojan horses, password sniffers, disaffected insiders and malicious outsiders that torment organisations every day.